The DTRG is the Data Controller for the purposes of the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) 2018.
Personal data held
The personal data held by the DTRG is obtained from the completion of membership application forms, that provide name, address, telephone number and email address.
Lawful basis of processing
The DTRG’s lawful basis of processing the personal data that it holds is two-fold:
Most of our processing is necessary to maintain the contracts that the DTRG has with its members. This processing consists of:
2. Legitimate Interests
We assess we can rely on Legitimate Interests to carry out these items:
Sharing with third parties
The DTRG uses only one third party provider to deliver part of the services it provides. The third party currently used:
The DTRG will never sell its members' information to third parties, nor does it transfer data outside the UK.
Retention of and access to personal data
Members’ records are held during membership and for a period of twelve months after it ceases. If you wish your personal data to be erased more quickly than this, you should contact the DTRG’s Membership Secretary in writing. If you would like to access the information the DTRG holds about you (called a Subject Access Request) or to change the information held, or to cancel membership, please contact the Membership Secretary in writing.
Protocol concerning non-members
There may be occasions when non-members personal data is required for health & safety reasons if assisting the DTRG as a volunteer. In such circumstances the personal data will be destroyed at the end of the day.
Technical and Security Measures
Paper membership application forms are held securely by the Membership Secretary. The database is held on computer equipment and is backed-up. Access to the computer is protected and restricted. Officers of the DTRG committee have password protected access to relevant member details via the securely hosted DTRG website.
We have no members under the age of 18 and do not currently anticipate any joining.
Data protection breaches will be reported by the DTRG to the Information Commissioner’s Office in line with the requirements of that office. Should a breach occur, an investigation would take place to identify the root cause and to put in place measures to avoid a recurrence.
These include a right to object to our use of your personal data on grounds relating to your particular situation and the right to lodge a complaint with a supervisory body. If you wish to make a complaint about how the DTRG has processed your personal data, you may contact the Chairman at the address given on the website. If you do not receive a reply within 30 days you may complain to the Information Commissioner's Office.